---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: kube-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" .Chart.Name)) | nindent 2 }}
data:
  nginx.conf: |
    worker_processes 1;

    error_log  /dev/stderr warn;
    pid        /tmp/nginx.pid;

    events {
      worker_connections  1000;
    }

    http {
      include       /opt/nginx-static/conf/mime.types;
      default_type  application/octet-stream;

      log_format json_combined escape=json
        '{'
          '"time_local":"$time_local",'
          '"remote_addr":"$remote_addr",'
          '"remote_user":"$remote_user",'
          '"request":"$request",'
          '"status": "$status",'
          '"body_bytes_sent":"$body_bytes_sent",'
          '"request_time":"$request_time",'
          '"http_referrer":"$http_referer",'
          '"http_user_agent":"$http_user_agent"'
        '}';

      access_log /dev/stdout json_combined;

      sendfile on;
      keepalive_timeout  65;

      client_body_temp_path /tmp/client_temp;
      proxy_temp_path       /tmp/proxy_temp;
      fastcgi_temp_path     /tmp/fastcgi_temp;
      uwsgi_temp_path       /tmp/uwsgi_temp;
      scgi_temp_path        /tmp/scgi_temp;

      server {
        listen 8080 default_server;
        server_name _ default;

        set_real_ip_from 0.0.0.0/0;

        location /healthz {
          access_log off;
          return 200;
        }

        {{- range $location := .Values.basicAuth.internal.locations }}
          {{- if eq $location.location "/" }}
        location / {
          {{- else }}
        location /{{ $location.location | trimPrefix "/" }} {
          {{- end }}
          satisfy any;

          {{- if hasKey $location "users" }}
          auth_basic "Authentication Required!";
            {{- if eq $location.location "/" }}
          auth_basic_user_file /opt/nginx-static/htpasswd/htpasswd;
            {{- else }}
          auth_basic_user_file /opt/nginx-static/htpasswd/{{ $location.location | trimPrefix "/" }};
            {{- end }}
          {{- end }}

          {{- if hasKey $location "whitelist" }}
            {{- range $value := $location.whitelist }}
          allow {{ $value }};
            {{- end }}
          {{- end }}

          deny  all;

          # return 200 simplest crutch
          try_files FAKE_NON_EXISTENT @return200;
        }
        {{- end }}

        location @return200 {
          return 200 Ok;
        }
      }
    }
